867f45d96d2e27ee23745604893170d3_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

867f45d96d2e27ee23745604893170d3_JaffaCakes118
Size

2.8MB
MD5

867f45d96d2e27ee23745604893170d3
SHA1

398a4d8ec760976b83cc5e3da9fc9c407536c478
SHA256

02c4b8a5e0f4bfcf0e47012a0bebf6a0a85dcb3f2d0437c01a41a6ef9ef9d425
SHA512

25f8b39b57b76de0c58ec00cd07bf24b5343d6237421f1c8150b6fb3a5a5793e5600874fefd534249f2285d380158c1f67b4def9dfd3e2d5c4658ba9cad6df68
SSDEEP

49152:B0Iw0LtI64FK7nJ7vKAcGmGRkdCIWkm0iYl4/BFCpt/aigPyWTaZhn/Xos/sWefB:BJTNMGR+CIWkm0iYlI7s/sWcv

Score

1^/10

Malware Config

Signatures

Files

867f45d96d2e27ee23745604893170d3_JaffaCakes118
.dll windows:5 windows x86 arch:x86

9aee647629186f92a19eb2192474ee48

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0d:70:a1:7d:75:6f:ec:88:85:9a:29:46:be:d7:69:44
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/05/2019, 00:00

Not After

08/05/2020, 12:00

Subject

CN=Shanghai 2345 Mobile Technology Co.\, Ltd.,OU=IT,O=Shanghai 2345 Mobile Technology Co.\, Ltd.,L=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:40:74:8d:43:58:a1:47:81:d6:a9:c3:07:b3:aa:9c
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2019, 00:00

Not After

08/05/2020, 12:00

Subject

CN=Shanghai 2345 Mobile Technology Co.\, Ltd.,OU=IT,O=Shanghai 2345 Mobile Technology Co.\, Ltd.,L=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

87:f4:9c:e5:74:28:ae:dc:17:58:b2:01:6c:f1:98:66:03:20:dc:06:ad:9c:46:e9:bd:38:14:5c:25:91:a1:67
Signer

Actual PE Digest

87:f4:9c:e5:74:28:ae:dc:17:58:b2:01:6c:f1:98:66:03:20:dc:06:ad:9c:46:e9:bd:38:14:5c:25:91:a1:67

Digest Algorithm

sha256

PE Digest Matches

true

c2:ec:f7:21:2d:04:f5:2f:2b:b7:cc:c1:f0:5a:63:7b:1c:56:ad:89
Signer

Actual PE Digest

c2:ec:f7:21:2d:04:f5:2f:2b:b7:cc:c1:f0:5a:63:7b:1c:56:ad:89

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

F:\branches\5.4.1\Rhino\Safe\Bin\Win32\release\pdb\FuncAssistant.pdb

Imports

psapi

GetProcessImageFileNameW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

msvcp120

?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?_Syserror_map@std@@YAPBDH@Z
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
??0id@locale@std@@QAE@I@Z
?_Orphan_all@_Container_base0@std@@QAEXXZ
?_Orphan_all@_Container_base12@std@@QAEXXZ
??1_Container_base12@std@@QAE@XZ
?_Swap_all@_Container_base0@std@@QAEXAAU12@@Z
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?id@?$ctype@_W@std@@2V0locale@2@A
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?id@?$collate@_W@std@@2V0locale@2@A
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
??_7facet@locale@std@@6B@
_Wcscoll
_Wcsxfrm
??_7?$basic_istream@DU?$char_traits@D@std@@@std@@6B@
_Nan
_Inf
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAN@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
??7ios_base@std@@QBE_NXZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEDD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
?setf@ios_base@std@@QAEHHH@Z
?setf@ios_base@std@@QAEHH@Z
??_7_Facet_base@std@@6B@
?c_str@?$_Yarn@D@std@@QBEPBDXZ
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?tolower@?$ctype@_W@std@@QBEPB_WPA_WPB_W@Z
?tolower@?$ctype@_W@std@@QBE_W_W@Z
?is@?$ctype@_W@std@@QBE_NF_W@Z
??1facet@locale@std@@MAE@XZ
??0facet@locale@std@@IAE@I@Z
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UAEXXZ
??Bid@locale@std@@QAEIXZ
??1_Facet_base@std@@UAE@XZ
?_Getcoll@_Locinfo@std@@QBE?AU_Collvec@@XZ
??1_Locinfo@std@@QAE@XZ
??0_Locinfo@std@@QAE@PBD@Z
??0_Container_base12@std@@QAE@XZ
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
?_BADOFF@std@@3_JB
?_Xruntime_error@std@@YAXPBD@Z
?uncaught_exception@std@@YA_NXZ
?_Makeloc@_Locimp@locale@std@@CAPAV123@ABV_Locinfo@3@HPAV123@PBV23@@Z
?_New_Locimp@_Locimp@locale@std@@CAPAV123@_N@Z
?global@locale@std@@SA?AV12@ABV12@@Z
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?id@?$codecvt@DDH@std@@2V0locale@2@A
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?_Getcat@?$codecvt@DDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAPAD0PAH001@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?unshift@?$codecvt@DDH@std@@QBEHAAHPAD1AAPAD@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD0@Z
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
??0_Locinfo@std@@QAE@HPBD@Z
?_Getname@_Locinfo@std@@QBEPBDXZ
?always_noconv@codecvt_base@std@@QBE_NXZ
??Bios_base@std@@QBE_NXZ
?rdstate@ios_base@std@@QBEHXZ
?good@ios_base@std@@QBE_NXZ
?fail@ios_base@std@@QBE_NXZ
?flags@ios_base@std@@QBEHXZ
?width@ios_base@std@@QBE_JXZ
?width@ios_base@std@@QAE_J_J@Z
?_C_str@?$_Yarn@D@std@@QBEPBDXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?in@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?_Winerror_map@std@@YAPBDH@Z

msvcr120

memmove
_purecall
??3@YAXPAX@Z
_hypot
??2@YAPAXI@Z
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@PBD@Z
??0bad_cast@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABV01@@Z
free
strchr
realloc
atof
memmove_s
wmemcpy_s
malloc
wcsnlen
memcpy_s
??_V@YAXPAX@Z
atoi
wcsrchr
fopen
fread
ftell
fseek
fclose
_wfopen_s
rewind
_except1
fwrite
?name@type_info@@QBEPBDPAU__type_info_node@@@Z
wcschr
towlower
wcsstr
_vsnwprintf
towupper
_errno
strstr
memchr
tolower
toupper
_mktime64
_localtime64
_time64
rand
srand
fputc
??1exception@std@@UAE@XZ
_except_handler4_common
__CxxFrameHandler3
__clean_type_info_names_internal
_recalloc
strpbrk
_dtest
fprintf
localeconv
__iob_func
sprintf_s
modf
abort
__crtTerminateProcess
__crtUnhandledException
_crt_debugger_hook
??0exception@std@@QAE@XZ
_initterm
_malloc_crt
_amsg_exit
__CppXcptFilter
??1type_info@@UAE@XZ
_onexit
__dllonexit
_calloc_crt
_unlock
_lock
wcsncpy
isalnum
wcstoul
_wcsicmp
swscanf_s
sscanf
_splitpath_s
_stricmp
_vswprintf_c_l
calloc
_beginthreadex
_wtoi
_wcsnicmp
?terminate@@YAXXZ
sprintf
_lock_file
setvbuf
fsetpos
fgetc
fflush
_fseeki64
fgetpos
ungetc
_unlock_file
memset
memcpy
_CxxThrowException
__RTDynamicCast
_initterm_e

kernel32

GetModuleHandleExW
OutputDebugStringW
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsProcessorFeaturePresent
IsDebuggerPresent
EncodePointer
FormatMessageW
GetFileSizeEx
LoadLibraryA
GlobalMemoryStatusEx
SetLastError
LocalFileTimeToFileTime
GetSystemTime
SystemTimeToFileTime
DosDateTimeToFileTime
FileTimeToDosDateTime
GetFileTime
ReadFile
SetEndOfFile
GetFileSize
SetFileAttributesW
DeleteFileW
GetWindowsDirectoryW
RemoveDirectoryW
SetCurrentDirectoryW
MoveFileW
GetCurrentDirectoryW
GetTempPathW
CopyFileW
SetFileTime
CreateDirectoryW
MoveFileExW
GetTempFileNameW
GetFullPathNameW
GlobalFree
GlobalAlloc
lstrcpyW
lstrcatW
lstrlenW
GetFileAttributesW
OpenFileMappingW
UnmapViewOfFile
MapViewOfFile
GetExitCodeProcess
CreateProcessW
LoadLibraryExW
ResumeThread
ReleaseMutex
FindNextFileW
FindClose
GetVolumeInformationW
GetDiskFreeSpaceW
ExpandEnvironmentStringsW
lstrcmpiW
GetSystemInfo
GetVersionExW
SearchPathW
OpenEventW
CreateEventW
ResetEvent
Sleep
SetEvent
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
TryEnterCriticalSection
GetShortPathNameW
GetFileAttributesExW
GetLongPathNameW
FindFirstFileW
InterlockedExchangeAdd
MultiByteToWideChar
GetACP
WideCharToMultiByte
DeviceIoControl
LocalAlloc
GetSystemDirectoryW
GetTickCount
SetThreadExecutionState
GetDriveTypeW
InterlockedDecrement
InterlockedIncrement
InterlockedExchange
CreateMutexW
GetProcessTimes
SystemTimeToTzSpecificLocalTime
GetPrivateProfileStringW
GetUserDefaultLangID
GetModuleHandleW
GetCurrentProcess
FileTimeToLocalFileTime
CreateFileMappingW
GetProcAddress
FileTimeToSystemTime
LoadLibraryW
FreeLibrary
QueryDosDeviceW
GetLogicalDriveStringsW
VirtualQuery
GetCurrentThreadId
GetLocalTime
CreateFileW
GetModuleFileNameW
WriteFile
SetFilePointer
SetProcessWorkingSetSize
TerminateProcess
OpenProcess
WaitForSingleObject
LocalFree
DeleteCriticalSection
LockResource
HeapSize
RaiseException
HeapDestroy
SizeofResource
GetProcessHeap
HeapFree
HeapAlloc
LoadResource
FindResourceW
FindResourceExW
HeapReAlloc
GetEnvironmentVariableW
InitializeCriticalSectionAndSpinCount
GetCurrentProcessId
CloseHandle
WaitForMultipleObjects
GetLastError
OpenMutexW
DecodePointer

user32

GetWindowThreadProcessId
UnregisterClassW
GetShellWindow
OpenDesktopW
FindWindowW
ExitWindowsEx
CloseDesktop
SwitchDesktop
FindWindowExW
GetWindow
SetForegroundWindow
GetWindowLongW
ShowWindow
IsWindow
IsWindowVisible
SendMessageW
GetWindowRect
GetFocus
GetParent
AttachThreadInput
WindowFromPoint
SetFocus
GetForegroundWindow
GetClassNameW
GetDesktopWindow
SetWindowPos
GetSystemMetrics

advapi32

EqualSid
AdjustTokenPrivileges
FreeSid
RegOpenKeyExW
SetEntriesInAclW
AllocateAndInitializeSid
LookupPrivilegeValueW
SetNamedSecurityInfoW
GetTokenInformation
OpenProcessToken
LookupPrivilegeNameW
CloseServiceHandle
SetFileSecurityW
GetFileSecurityW
EnumServicesStatusExW
QueryServiceConfigW
QueryServiceConfig2W
ControlService
ChangeServiceConfigW
ChangeServiceConfig2W
OpenServiceW
OpenSCManagerW
DeleteService
RegCloseKey

ole32

CoTaskMemFree
CoCreateInstance
CoInitializeSecurity

shell32

SHGetFolderPathW
SHGetPathFromIDListW
CommandLineToArgvW

oleaut32

SysStringLen
VariantClear
SysFreeString
SysAllocStringLen
VariantInit
SysAllocString

shlwapi

PathIsNetworkPathW
SHEnumValueW
PathFindFileNameW
PathRemoveFileSpecW

Exports

Exports

RCVBusGetModuleCount
RCVBusQueryModule
RCVBusReleaseModule

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 430KB - Virtual size: 430KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 137KB - Virtual size: 137KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9aee647629186f92a19eb2192474ee48

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

0d:70:a1:7d:75:6f:ec:88:85:9a:29:46:be:d7:69:44Certificate

Extended Key Usages

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

01:40:74:8d:43:58:a1:47:81:d6:a9:c3:07:b3:aa:9cCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

87:f4:9c:e5:74:28:ae:dc:17:58:b2:01:6c:f1:98:66:03:20:dc:06:ad:9c:46:e9:bd:38:14:5c:25:91:a1:67Signer

c2:ec:f7:21:2d:04:f5:2f:2b:b7:cc:c1:f0:5a:63:7b:1c:56:ad:89Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

psapi

version

msvcp120

msvcr120

kernel32

user32

advapi32

ole32

shell32

oleaut32

shlwapi

Exports

Exports

Sections

.text Size: 2.2MB - Virtual size: 2.2MB

.rdata Size: 430KB - Virtual size: 430KB

.data Size: 64KB - Virtual size: 66KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 137KB - Virtual size: 137KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

0d:70:a1:7d:75:6f:ec:88:85:9a:29:46:be:d7:69:44
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

01:40:74:8d:43:58:a1:47:81:d6:a9:c3:07:b3:aa:9c
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

87:f4:9c:e5:74:28:ae:dc:17:58:b2:01:6c:f1:98:66:03:20:dc:06:ad:9c:46:e9:bd:38:14:5c:25:91:a1:67
Signer

c2:ec:f7:21:2d:04:f5:2f:2b:b7:cc:c1:f0:5a:63:7b:1c:56:ad:89
Signer

.text
Size: 2.2MB - Virtual size: 2.2MB

.rdata
Size: 430KB - Virtual size: 430KB

.data
Size: 64KB - Virtual size: 66KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 137KB - Virtual size: 137KB